Endless problems with certificates and/or RSA keys.

Feb 12, 2021
After the reinstallation of the third node with the same IP and host name, endless problems with certificates and/or RSA keys...
It doesn't help either:
ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R .....
pvecm updatecerts --force
systemctl restart pvedaemon pveproxy (on all nodes)
systemctl restart pvedaemon pvestatd pveproxy corosync (on all nodes)

Errors are currently changing - disk replication and/or vnc from one node to VMs on another node does not work. The above works from some nodes to another node. If I solve one of the problems, another one appears... I think it happened and everything works, but after rebooting one node the problems return. I patch one problem, another one appears.

Currently, ssh login is possible from all nodes to all nodes without a password. But vnc and replication from node1 to node2 does not work. Replication works from node1 to node3. Replication from node2 to node1 also works.

I am asking for advice on how to permanently solve the mentioned problems. Maybe delete all certificates and install new ones? What is the correct way to do this?

Thanks!
 
Thanks sb-jw, I also came across these instructions. The described procedure seems too radical to me.

I would like a more official answer.
In short, I have 3 nodes, one was reinstalled with the same IP and hostname. I did that according to the official instructions...

Now the situation is:
The 1st node does not do replication and vnc to the 2nd node. According to the 3rd node, everything works.
The 2nd node everything is fine (replication to 1st and 3rd nodes and VNC to VM on 1st and 3rd nodes).
The 3rd node does not do replication and vnc to the 2nd node. According to the 1st node, everything works.

Where exactly is the problem and how to solve it?
Thanks!
 
I cleaned it as "Deleted member 205422" said. Everything still works fine.

No worries! They are all good procedures. I am the deleted member. :)

There's a patch (mentioned in the thread, within the Bugzilla report), there's the cleanup possible (the issues might come back later until it's fixed) or the SSH certificates (as mentioned in the tutorial, they bypass the problem for the future too).

Currently there are ongoing changes in the developer mailing list to fix it once and for all as well:
https://lists.proxmox.com/pipermail/pve-devel/2024-January/061319.html

You don't have to do anything more if it works, hopefully it's fixed next release, if it happens again you have to clean up again (or use the certs).
 
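An added example, not part of any post above and not Proxmox code: a read-only check that lists every host name or address that appears in a known_hosts file with more than one distinct key of the same type, which is what a stale entry for a reinstalled node looks like. The function names and the sample file are constructed for illustration; the key blobs are placeholders, and the file to check on a real node is an assumption you supply (for example the /etc/ssh/ssh_known_hosts path from the first post).

```shell
#!/bin/sh
# find_conflicting_host_keys FILE   (hypothetical helper name)
# Prints "host keytype count" for each host that has more than one distinct
# key of the same type in FILE. It only reads the file, it changes nothing.
find_conflicting_host_keys() {
    awk '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        substr($1, 1, 1) == "@" { next }   # @cert-authority / @revoked lines
        substr($1, 1, 1) == "|" { next }   # hashed names cannot be grouped
        {
            n = split($1, names, ",")      # one line may list "name,address"
            for (i = 1; i <= n; i++) {
                id  = names[i] " " $2      # host plus key type
                key = id SUBSEP $3         # host, key type and key blob
                if (!(key in seen)) {
                    seen[key] = 1
                    count[id]++
                }
            }
        }
        END {
            for (id in count)
                if (count[id] > 1) print id, count[id]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample: node3 was reinstalled with the same name and address,
# so its old RSA key sits beside the new one.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample, key blobs are placeholders
node1,192.0.2.11 ssh-rsa AAAAB3placeholderNODE1
node2,192.0.2.12 ssh-rsa AAAAB3placeholderNODE2
node3,192.0.2.13 ssh-rsa AAAAB3placeholderOLDNODE3
node3,192.0.2.13 ssh-rsa AAAAB3placeholderNEWNODE3
node3 ssh-ed25519 AAAAC3placeholderNEWNODE3
EOF
}

tmp=$(mktemp)
sample_known_hosts > "$tmp"
find_conflicting_host_keys "$tmp"
rm -f "$tmp"
```

Run it against the same file on every node and compare the output; a node that still lists two keys for the reinstalled host is the one that was not cleaned up.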
